The Engine Yard technology stacks are fully-curated, designed and optimized for business-critical application development.
Engine Yard Platform as a Service (PaaS) provides timely updates to its technology stack as outlined in this document:
- Stack update policy overview
- Externally published stacks
- Internal tracking mechanisms
- Stack update policy
- Policy exceptions
Stack update policy overview
The following table summarizes at a high level the update policy on our stacks:
|Technology Stack Identifier||Status||New Features||Stack Updates & Fixes|
|Engine Yard Gentoo 2009||General Availability (GA)
|Platform Compatibility||Limited to security updates and major bug fixes.|
|Engine Yard Gentoo 12.11||General Availability (GA)
|Limited||All stable updates and bug fixes.
|Engine Yard Gentoo 16.06||
General Availibility (GA)
| All applicable
| All stable updates and bug fixes.
Read the sections below for more information.
Externally published stacks
The technical stacks published are:
Engine Yard Gentoo 2009 - based on a legacy version of the Gentoo operating system with many other stack components as described there (web server, app server, database, etc.).
Engine Yard Gentoo 12.11 - this update includes a rebase off Hardened Gentoo, which provides a more secure stack for your application environments; it is based off recent Gentoo, including Hardened Gentoo toolchain enhancements that provide mitigation against various exploit vectors and improve the security of all software within the distribution. For more information, see this doc.
Engine Yard Gentoo 16.06 - this update includes a rebase off Hardened Gentoo, which provides a more secure stack for your application environments; it is based off recent Gentoo, including Hardened Gentoo toolchain enhancements that provide mitigation against various exploit vectors and improve the security of all software within the distribution.
Internal tracking mechanisms
Internally Engine Yard tracks versions of tech stack components in categories including operating systems, interpreters, application and web servers, databases, caches and stores, frameworks, and more.
As new stable updates and bug fixes become available to the community, the Engine Yard Product and Project Managers review and determine the appropriate support and timeframe for release. Internal stack review meetings occur bi-weekly.
Product Managers also hold routine meetings with subject matter experts (internal developers, support team, and others in the community) to determine best practices and to help establish the desired product roadmap -- which drives the priorities of releases, including features and stack updates.
After the desired timeframe and priority has been established, then the Engineering team schedules the appropriate work (e.g., stack component ebuild, AMI, cookbook).
Stack update policy
Stack update policy is based on the technology stack that you are using in your application’s environment.
Deprecated GA tech stack
If you are using a tech stack in the deprecated GA state, you can expect limited feature updates. Stack updates are limited to security updates and major bug fixes only.
Current GA tech stack
New features, stack updates, and bug fixes are targeted to the current tech stacks in GA, and with the highest priority. Best practice is to use the current GA tech stack.
Futures: EA or LA tech stacks
If you are using a tech stack in the Early Access (EA) or Limited Access (LA) states, you can expect new features, stack updates, and bug fixes.
Important: Tech stacks in EA or LA are NOT intended for production environments.
Some unofficial stacks do exist; these are custom and are not guided by the policies stated here.
It is possible to encounter situations where Engine Yard must deviate from the policy defined here. In those cases, we will publish a Known Issue or Security Update describing the situation in the Engine Yard Developer Center News and Notes section.
If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.
How can I try the Ubuntu stack?
Gives me an error:
You're not authorized to access this page
Ubuntu 14.04 was not ever GA'ed nor was the new ui. Currently we have stable v5 (Gentoo 16.06) https://support.cloud.engineyard.com/hc/en-us/sections/205071967-Engine-Yard-Gentoo-16-06 that is our newest stack offering.
The information above seems to indicate bug fixes and security patches are integrated to stacks on a regular basis. I've always wondered about this since I have multiple tickets open against known vulnerabilities and rarely do they get closed. If other distributions are patching the vulnerability and Gentoo has patched the vulnerability, why won't Engine Yard patch the vulnerability? The work has already been done for you. Keeping software up to date is one of the easiest ways to prevent attacks. Am I missing something? It just seems like there is no concern for security (or even respecting the above policy).
Please sign in to leave a comment.